“For existing cards, issuers may take a decision, based on their risk perception, whether to disable the card not present (domestic and international) transactions, card present (international) transactions, and contactless transaction rights. Existing cards, which have never been used for online (card not present)/international/contactless transactions, shall be mandatorily disabled for this purpose,” the RBI said in a notification on its website.
When a bank issues a debit or credit card, it also gives internet banking credentials. However, those not comfortable with such transactions are easy victims of call-centre frauds, where the fraudster calls and seeks information of the card, one-time password (OTP), to siphon off money.
In a way, the RBI is assuming that people who already do online transactions know the importance of CVV numbers, or OTPs and do not part with them over a phone call. They can continue with such facility. But people not aware of internet-related frauds will not have to bother about such frauds happening with them as that very facility won’t be available by default anymore.
The RBI also told banks
to provide all cardholders the facility to “switch on/off and set/modify transaction limits (within the overall card limit, if any, set by the issuer) for all types of transactions —domestic and international — at PoS/ATMs/online transactions/contactless transactions, etc.”
This facility should be made available on a 24x7 basis through multiple channels — mobile application/internet banking/ATMs/interactive voice response — and can be offered through branches as well.
The banks should send alerts, update on information, status, etc through text messagess and email, as and when there is any change in the status of the card, the RBI said.